For the truly paranoid, using blogs for project management requires secure RSS

May 29, 2004

Lauren Wood nails why a lot of people don't use blogs for password protection: lack of authentication and encryption.

I think a large part of the problem is the insecurity of RSS feeds and blogs in general. Blog systems don't by default offer their HTML pages and RSS feeds secured using basic authentication over SSL.

Having blogs and RSS feeds secured using basic auth over SSL as an easy to configure and buy bundle for corporations and organizations would address this problem. Unfortunately, none of the blog systems that I know of do this out of the box. And getting an SSL certificate requires a unique IP address and is too much of a hassle even though it is getting easier (yes I know you can fake a certificate, but this is a major kludge).

Hmmm. I think that this is what is known as a business opportunity.

Finally, a few words about the advantages of blogging: first of all everybody can see it; email's point to point nature sucks; usually the people who can benefit most from an email aren't on the receiver list and never get it forwarded to them. Secondly, everything in a blog has a unique URL which can be referenced forever. The ability to reference a blog post with a unique address is under-rated.

And yes, I know you can have mailing list archives with URLs but typically they don't generate RSS and the URL is never included in the actual email so you have this ridiculous impendance mismatch of having to open your browser to get the email URL.

I chaired the RSS and Weblog day at Seybold San Francisco 2003 (I’d put in a link but there’s nothing useful there that isn’t password-protected). One of the panelists was talking about using blogs for project management, especially when new people are expected on the team. The idea is that new people can come up to speed quickly and don’t need to have mega-mounds of email forwarded to them. Sounds good, but in practice I’m finding that people have a hard time adapting to using more than one method of communication. So many people use email for a simple todo-list tracker and project manager that they send email first and think about maybe doing a blog entry “if they have time” afterwards.

I’ve started to wonder whether there are deeper issues here than just people not quite being ready to move to a new technology. There are, of course, technology issues as well. One obvious disadvantage to project managent via a blog is that you always have to be connected to the internet to keep on top of it. This rules out those people who catch up on their todos while sitting on a plane. And VPN and security technologies that involve passwords and logons tend to put people off as well. RSS/Atom feeds that involve passwords are difficult to manage (pointers to good readers that can manage password-protected blogs are welcome, and I’ll update this page to include them).